ps 7 acting strange .. not sure if malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by ericbk, Feb 22, 2009.

  1. ericbk

    ericbk Private E-2

    i don't know if i have malware but here are my logs. photoshop 7 was acting peculiar and now I've deleted it .. so i won't reinstall it till i'm sure i have a clean machine
    thanks if u can help.
     


  2. ericbk

    ericbk Private E-2

    there didn't seem to be a mgtools.zip file?? i don't know if the app ran all three batch files.
    sorry,
    eric
     


  3. ericbk

    ericbk Private E-2

    finally figured out how to disable avg 8. so i could run combofix. so here's the file.
    i hope u can help. i hope more that nothing is gone awry with my pc.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your MGLogs are right where we say they are:
    C:\MGLogs.zip

    However, I am not seeing anything that relates to malware. It is rather unusual for malware to attach one program only (unless it is a cracked program --> but it would spread to other files/folders).

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  5. ericbk

    ericbk Private E-2

    thank you for ur help. i tried to uninstall combofix from my desktop .. i can see it there the .exe file using your path in run but it just tries to run it:
    *"%userprofile%\Desktop\combofix" /u
    any help would be appreciated. thanks
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
     
  7. ericbk

    ericbk Private E-2

    thank you.
    i also have a request from Zone alarm about Prevalence reporter trying to access the internet zone. i don't know what its for and googled it the answer wasn't clear ..threat or not. it doesn't seem to do anything. however i can't log into avg forum and i don't seem to be able to update the virus files? the data? most days?


    eric
     
  8. ericbk

    ericbk Private E-2

    i tried to uninstall avg 8 thru control panel and i get the following error:
    Local machine: installation failed
    Installation:
    Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
    Error 0x80070005


    and it won't uninstall ..can't be removed can u help me?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  10. ericbk

    ericbk Private E-2

    thank u. it was worth a try it said i had things running in the backgrd ie and mail reader and some other things i didn't recognize. any way it wouldn't uninstall after shutting down all the software and gave the same error:
    Local machine: installation failed
    Installation:
    Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
    Error 0x80070005
    Eric ...so waz up?
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to pursue this in the software section as this is not a malware issue. You will have to stop all AVG services before trying to uninstall.
     
